「开源摘星计划」优麒麟系统（国产）部署Harbor私有镜像仓库服务

Posted 2022-09-07 键客李大白

  

---

一、环境描述

  随着国产化浪潮的兴起，企业都逐步将服务部署在国产的操作系统上。

  本篇文章则在优麒麟20.04操作系统上部署Harbor 2.6.0私有镜像仓库服务，其它版本的Harbor亦可参考本文档。关于优麒麟的详细信息可查看： https://www.openkylin.top/

二、主机初始化

2.1 禁用交互分区

$ sudo sed -i / swap / s/^\\(.*\\)$/#\\1/g /etc/fstab

2.2 配置系统软件源

$ sudo sed -i "s@http://.*archive.ubuntu.com@https://mirrors.aliyun.com/@g" /etc/apt/sources.list
$ sudo sed -i "s@http://.*security.ubuntu.com@https://mirrors.aliyun.com/@g" /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install  lrzsz  wget  #lrzsz工具可以在xshell等工具上传/下载文件

2.3 配置docker软件源

  配置阿里云的docker-ce软件源，然后才可以下载安装docker-ce。

1）安装依赖工具

$ sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common

2）安装GPG证书

$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

3）写入软件源信息

$ sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

4）更新软件源

$ sudo apt-get -y update

---

2.4 安装docker

$ apt-cache madison docker-ce  #查找Docker-CE的版本
$ sudo apt-get -y install docker-ce=[VERSION]    #安装指定版本的docker
$ docker  version
$ sudo systemctl start --now docker
$ sudo systemctl status  docker

2.5 安装docker-compose

$ sudo wget https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64
$ sudo mv  docker-compose-linux-x86_64   /usr/local/bin/docker-compose
$ sudo chmod +x  /usr/local/bin/docker-compose
$ ls  -l /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 24707072 1月   7  2022 /usr/local/bin/docker-compose
$ sudo docker-compose   version
Docker Compose version v2.2.3

2.6 配置内核参数

$ sudo echo """
kernel.sem = 250 32000 100 128
net.core.netdev_max_backlog = 32768
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_port_range = 32768 65535
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_mem = 94500000 91500000 92700000
net.ipv4.tcp_rmem = 32768 436600 873200
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_wmem = 8192 436600 873200
fs.file-max = 10240000
vm.min_free_kbytes = 4096000
vm.swappiness = 10
net.netfilter.nf_conntrack_max=1000000  """  > /etc/sysctl.conf 
$ sudo sysctl  -p

2.7 下载Harbor离线安装包

$ sudo wget -c https://github.com/goharbor/harbor/releases/download/v2.6.0/harbor-offline-installer-v2.6.0.tgz

三、安装Harbor

3.1 创建配置文件

将配置文件模板拷贝为配置文件。

$ tar -zxvf harbor-offline-installer-v2.5.3.tgz 
$ cd harbor/
$ cp harbor.yml.tmpl harbor.yml

3.2 修改配置

修改配置参数

$ vim harbor.yml
hostname: 192.168.2.26       #修改为主机IP或者域名
http:
  port: 80
#https:            #本处不使用https安全模式，如果使用需要证书
  #  port: 443
  #  certificate: /your/certificate/path
  #  private_key: /your/private/key/path

3.3 配置注入

  将配置文件中的参数注入到各个组件中，然后会自动生成common/config下每个组件的配置文件及认证证书等。

$ sudo docker load  -i harbor.v2.5.3.tar.gz   #导入镜像（可选，在安装时会自动导入）
$ sudo ./prepare

---

3.4 安装

$ ./install.sh  --help  #查看安装参数
$ sudo ./install.sh --with-trivy --with-chartmuseum 

出现以下内容则表示安装成功:

✔ ----Harbor has been installed and started successfully.----

3.5 查看Harbor组件服务状态

$ sudo docker-compose ps
NAME                COMMAND                  SERVICE             STATUS              PORTS
chartmuseum         "./docker-entrypoint…"   chartmuseum         running (healthy)   
harbor-core         "/harbor/entrypoint.…"   core                running (healthy)   
harbor-db           "/docker-entrypoint.…"   postgresql          running (healthy)   
harbor-jobservice   "/harbor/entrypoint.…"   jobservice          running (healthy)   
harbor-log          "/bin/sh -c /usr/loc…"   log                 running (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       "nginx -g daemon of…"   portal              running (healthy)   
nginx               "nginx -g daemon of…"   proxy               running (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp
redis               "redis-server /etc/r…"   redis               running (healthy)   
registry            "/home/harbor/entryp…"   registry            running (healthy)   
registryctl         "/home/harbor/start.…"   registryctl         running (healthy)   
trivy-adapter       "/home/scanner/entry…"   trivy-adapter       running (healthy) 

3.6 访问Harbor UI

在浏览器地址栏输入：http://192.168.2.26:80
用户名：admin
密码：Harbor12345